CCNA实验手册 下载本文

Root 表示根端口,Altn 表示后 备端口。 回顾生成树决策的 4 个步骤:

百思学网络,领先科技 -43- HTTP://WWW.BESTXUE.CN

通过在 SW1,SW2 上 show spanning-tree 得到以下结果. SW1(根交换机) F0/23-------------------指定端口 F0/24-------------------指定端口 SW2(非根交换机) F0/23-------------------根端口 F0/24-------------------blocking 端口 生成树决策过程: ·选根交换机: One root bridge per network(每个网络只有一个根桥) 根桥的选举〆Lowest BID (最小的BID) SW1 的竞选根交换机参数: Bridge ID: Priority 32768 MAC Address 0008.20ff.6400 SW2 的竞选根交换机参数: Bridge ID: Priority 32768 MAC Address 000d.bce7.5940 选择根交换机第一个条件先看优先级 Priority 再看 MAC 地址,缺省 SW1 和 SW2 的优先级都是 32768,通过 优先级无法选择根交换机,只能通过 MAC 地址选择,交换机的 MAC 地址可以通过 show version 查看. SW1 的 MAC 地址 0008.20ff.6400 比 SW2 的 MAC 地址 000d.bce7.5940 小,越小越优先,所以 SW1 为根交换机 ·选根端口: One root port per nonroot bridge(每个非根桥都有一个根端口) 根端口(RP)〆Lowest path cost to root bridge 每个非根桥有且只有一个根端口,非根桥到达根桥所需开 销最小的那个端口即为根端口。(可转发流量) 选举RP/DP的方法:(RP—根端

口 ,DP—指定端口) 1.Lowest RID(最小的RID) 这里是(根桥)的BID 2.Lowest path cost to root bridge(到达根的最小路径开销) 3.lowest sender BID (最小的发送BID) 4.Lowest sender port ID 当两台交换机之间有两条线路直连时会用到这一项来选 (比如本实验中批 定端口的选择就会用到这一项) SW1 为根桥,不会有根端口,因为只有非根桥有根端口: SW2 为非根桥,根端口肯定是 F0/23 ,F0/24 的其中一个: F0/23 ,F0/24 这个两个端口选举根端口的条件: (非根桥到达根桥所需开销最小的那个端口即为根端口) F0/23 到达根网桥的开销(cost)为 19 F0/24 到达根网桥的开销(cost)为 19 通过非根桥到达根桥所需开销最小这个条件没法选出根端口,只能再看生成树决策的第3个条件即lowest sender BID (最小的发送BID) 通过 lowest sender BID (最小的发送 BID)选举,但 F0/23,F0/24 都是在 SW2(非根桥)上的两个端口 lowest sender BID 都是: Bridge ID: Priority 32768 MAC Address 000d.bce7.5940 百思学网络,领先科技 -44- HTTP://WWW.BESTXUE.CN

所以这里无法通过lowest sender BID选出根端口,只能再看生成树决策的第4个条件Lowest sender port ID,当两台交换机之间有两条线路直连时会用到这一项(端口号越小越优先) F0/23比F0/24小,所以F0/23优先.最终可以选出根端口F0/23 SW2上剩下F0/24的就是blocking端口 在SW2上show spanning-tree验证: SW2#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 0008.20ff.6400 Cost 19 Port 23 (FastEthernet0/23) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 000d.bce7.5940 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- --------

-------------------------------- Fa0/23 Root FWD 19 128.23 P2p --------------注: F0/23 为根端口 Fa0/24 Altn BLK 19 128.24 P2p ------注: SW2 上 F0/24 就是 blocking 端口 总结:

看上图,从SW2到SW1的所有数据流量最终通过线点1到达,SW2的F0/24处于备份状态,在SW2上show spanning-tree可以看到F0/24的端口角色为Altn,即线路2作为线路1上备份链路. CST 的缺点:最终有一条链路总是处在备份的状态,就像本实验中线路 2 处在备份的状态,我们想 象假如线路 1 永远不会出问题,如果这样,那好像线路 2 的存在是多余的,于是我们有个想法就是能不能 两条链路都利用起来,比如说一部分流量走线路 1,另一部分流量走线路 2,其实是可以的,CISCO 的 PVST+产生就由来于此,我们将在下个实验中介绍 PVST+。 百思学网络,领先科技 -45- HTTP://WWW.BESTXUE.CN

实验11. PVST+(每个 VLAN 的生成树 PVST 加) 实验拓扑:

分别在 SW1 和 SW2 上 show spanning-tree 查看结果: SW1#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 0008.20ff.6400 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 0008.20ff.6400 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 15 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- --------

-------------------------------- Fa0/23 Desg FWD 19 128.23 P2p Fa0/24 Desg FWD 19 128.24 P2p SW2#show spanning-tree VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 0008.20ff.6400 Cost 19 Port 23 (FastEthernet0/23) Hello Time 2 sec Max Age 20 sec

Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 000d.bce7.5940 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Fa0/23 Root FWD 19 128.23 P2p

百思学网络,领先科技 -46- HTTP://WWW.BESTXUE.CN Fa0/24 Altn BLK 19 128.24 P2p 注:以上拓扑中经过选举最终 SW1 为根网桥,SW2 的 F0/24 为 blocking 端口,也是就线路 2 成为了备份 链路。 分别在 SW1 和 SW2 上创建 VLAN2,VLAN3,VLAN4,按如下拓扑要求完成本实验: 在 SW1 上创建 VLAN2,VLAN3,VLAN4 并查看: SW1(config)#vlan 2-4 SW1#show vlan VLAN Name Status Ports ---- -------------------------------- --------- ------------------------------- 2 VLAN0002 active 3 VLAN0003 active 4 VLAN0004 active

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22 在 SW2 上创建 VLAN2,VLAN3,VLAN4 并查看: SW2(config)#vlan 2-4 SW2#show vlan VLAN Name Status Ports ----

-------------------------------- --------- ------------------------------- 1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4 Fa0/5, Fa0/6, Fa0/7, Fa0/8 Fa0/9, Fa0/10, Fa0/11, Fa0/12 Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20 Fa0/21, Fa0/22

2 VLAN0002 active 3 VLAN0003 active 4 VLAN0004 active

按如下拓扑要求完成本实验: 要求:SW2 的 VLAN1 和 VLAN2 流量通过线路 1 到达 SW1 , SW2 的 VLAN3 和 VLAN4 的流量经 过线路 2 到达 SW1,当其中一条链路有问题走同一链路.

百思学网络,领先科技 -47- HTTP://WWW.BESTXUE.CN

分别在 SW1 和 SW2 上创建了 VLAN2-4 后查看目前的生成树状态. 在 SW1 上查看: 命令:show spanning-tree vlan 1 show spanning-tree vlan 2 show spanning-tree vlan 3 show

spanning-tree vlan 4 SW1#show spanning-tree vlan 1 VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 0008.20ff.6400 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 0008.20ff.6400 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- --------------------------------

Fa0/23 Desg FWD 19 128.23 P2p Fa0/24 Desg FWD 19 128.24 P2p

SW1#show spanning-tree vlan 2 VLAN0002 Spanning tree enabled protocol ieee Root ID Priority 32770 Address 0008.20ff.6400 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32770

(priority 32768 sys-id-ext 2) Address 0008.20ff.6400 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type

Fa0/23 Desg FWD 19 128.23 P2p Fa0/24 Desg FWD 19 128.24 P2p

---------------- ---- --- --------- --------

-------------------------------- SW1#show spanning-tree vlan 3 VLAN0003 Spanning tree enabled protocol ieee Root ID Priority 32771 Address 0008.20ff.6400 This bridge is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32771 (priority 32768 sys-id-ext 3) Address

0008.20ff.6400 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- --------

-------------------------------- Fa0/23 Desg FWD 19 128.23 P2p Fa0/24 Desg FWD 19

128.24 P2p SW1#show spanning-tree vlan 4 VLAN0004 Spanning tree enabled protocol ieee Root ID Priority 32772 Address 0008.20ff.6400 This bridge is the root

百思学网络,领先科技 -48- HTTP://WWW.BESTXUE.CN

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32772 (priority 32768 sys-id-ext 4) Address 0008.20ff.6400 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Fa0/23 Desg FWD 19 128.23 P2p Fa0/24 Desg FWD 19 128.24 P2p 结果:查看生成树状态后发现针对VLAN1,VLAN2,VLAN3,VLAN3,SW1 都是扮演根网桥角色.SW1连接 SW2 的两个端口 F0/23,F0/24 都是指定端口. 在 SW2 上查看: 命令:show spanning-tree vlan 1 show spanning-tree vlan 2 show spanning-tree vlan 3 show spanning-tree vlan 4 SW2#show

spanning-tree vlan 1 VLAN0001 Spanning tree enabled protocol ieee Root ID Priority 32769 Address 0008.20ff.6400 Cost 19 Port 23 (FastEthernet0/23) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32769 (priority 32768 sys-id-ext 1) Address 000d.bce7.5940 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- --------------------------------

Fa0/23 Root FWD 19 128.23 P2p Fa0/24 Altn BLK 19 128.24 P2p SW2#show spanning-tree vlan 2 VLAN0002 Spanning tree enabled protocol ieee Root ID Priority 32770 Address 0008.20ff.6400 Cost 19 Port 23 (FastEthernet0/23) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32770 (priority 32768 sys-id-ext 2) Address 000d.bce7.5940 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- -------------------------------- Fa0/23 Root FWD 19 128.23 P2p Fa0/24 Altn BLK 19 128.24 P2p SW2#show spanning-tree vlan 3 VLAN0003 Spanning tree enabled protocol ieee Root ID Priority 32771

百思学网络,领先科技 -49- HTTP://WWW.BESTXUE.CN

Address 0008.20ff.6400 Cost 19 Port 23 (FastEthernet0/23) Hello Time 2 sec Max Age 20 sec

Forward Delay 15 sec Bridge ID Priority 32771 (priority 32768 sys-id-ext 3) Address 000d.bce7.5940 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Fa0/23 Root FWD 19 128.23 P2p

Fa0/24 Altn BLK 19 128.24 P2p SW2#show spanning-tree vlan 4 VLAN0004 Spanning tree enabled protocol ieee Root ID Priority 32772 Address 0008.20ff.6400 Cost 19 Port 23 (FastEthernet0/23) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32772 (priority 32768 sys-id-ext 4) Address 000d.bce7.5940 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- --------------------------------

Fa0/23 Root FWD 19 128.23 P2p Fa0/24 Altn BLK 19 128.24 P2p 结果:查看生成树状态后发现针对 VLAN1,VLAN2,VLAN3,VLAN3,SW2 都是扮演非根网桥角色, SW2 的端口 F0/24 都处在 blocking 状态. 问题所在:通过在 SW1 和 SW2 查看得到的结果我们来分析一下,现在 SW1 的 VLAN1 和 VLAN2 是 通过线路 1 到达 SW1 的,这符合本实验的要求,但 VLAN3,VLAN4 到 SW1 走线路 1 不符合本实验的要 求,VLAN3,VLAN4 到 SW1 要求走线路 2. 分析:SW2 的 VLAN3,VLAN4 到 SW1 为什么走线路 1 呢?因为 SW2 相对于 VLAN3,VLAN4 来说到达 SW1 F0/24 都是 blocking 状态,F0/23 为转发状态,导致 VLNA3,VLAN3 通过 F0/23 走线路 1 到达 SW1. 解决方法:在 SW2 上 VLAN2,VLAN3 要到达 SW1 只要 SW2 的 F0/23 为 blocking 状态,F0/24 为转发状 态,就达到本实验的要求(SW2 的 VLAN3,VLAN4 到 SW1 走线路 2) 之所以 SW2 的 F0/24 为 blocking 状态,是因为相对于 VLAN3,VLAN4 来说在通过生成树决策的第 4 步 时,F0/23 端口号小于 F0/23,小的优先,Lowest sender port ID 当两台交换机之间有两条线路直连时会 用到这一项,<本实验就是这样>。通过以上分析,在 SW2 上相对于 VLAN3,VLAN4 来说,我们可以更改参 数,也就是在生成树决策的第 2 步就可以做出决策,即使用 Lowest path cost to root bridge(到达根的 最小路径开销)。 在 SW2 上相对于 VLAN3,VLAN4 更 F0/24 到根(SW1)的花费,目前为 19,F0/23 到根也为 19,我们更改 F0/24 端口到达 SW1 的花费为 18 就可以满足本实验的要求. 在 SW2 上配置以下命令: SW2(config)#interface fastEthernet 0/24 SW2(config-if)#spanning-tree vlan 3-4 cost 18 查看更改的配置: SW2#show run int f0/24 interface FastEthernet0/24

百思学网络,领先科技 -50- HTTP://WWW.BESTXUE.CN

spanning-tree vlan 3-4 cost 18 end 做上以上配置后在 SW2 上查看当前的 VLAN3,VLAN4 的生成树状态: SW2#show spanning-tree vlan 3 VLAN0003 Spanning tree enabled protocol ieee Root ID Priority 32771 Address 0008.20ff.6400 Cost 18 Port 24 (FastEthernet0/24) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32771 (priority 32768 sys-id-ext 3) Address 000d.bce7.5940 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Fa0/23 Altn BLK 19 128.23 P2p Fa0/24 Root FWD 18 128.24 P2p SW2#show spanning-tree vlan 4

VLAN0004 Spanning tree enabled protocol ieee Root ID Priority 32772 Address 0008.20ff.6400 Cost 18 Port 24 (FastEthernet0/24) Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32772 (priority 32768 sys-id-ext 4) Address 000d.bce7.5940 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 Interface Role Sts Cost Prio.Nbr Type ---------------- ---- --- --------- -------- -------------------------------- Fa0/23 Altn BLK 19 128.23 P2p Fa0/24 Root FWD 18 128.24 P2p 通过命令 show spanning-tree vlan 3 , show spanning-tree vlan 4 查看,我们发现 F0/23 为 blocking 状态,SW2 的 VLAN3,VLAN4 到达 SW1 的通过 F0/24 到达,也就是走线路 2,实现在本实验的要求。最终线路1,线路 2 流量走势图: 百思学网络,领先科技 -51- HTTP://WWW.BESTXUE.CN

实验12. Configuring Link Aggregation with EtherChannel

配置 SW1〆 interface FastEthernet0/1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode on // Enable Etherchannel only interface FastEthernet0/2 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode on // Enable Etherchannel only 配置 SW2〆 interface FastEthernet0/1 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode on // Enable Etherchannel only interface FastEthernet0/2 switchport trunk encapsulation dot1q switchport mode trunk channel-group 1 mode on // Enable Etherchannel only 其它参数: sw1(config-if)#channel-group 1 mode ? active Enable LACP unconditionally auto Enable PAgP only if a PAgP device is detected desirable Enable PAgP unconditionally on Enable Etherchannel only passive Enable LACP only if a LACP device is detected

sw2(config-if)#channel-group 1 mode ? active Enable LACP unconditionally auto Enable PAgP only if a PAgP device is detected desirable Enable PAgP unconditionally on Enable Etherchannel only passive Enable LACP only if a LACP device is detected 相关检查命令: sw1#show etherchannel 1

detail Group state = L2 Ports: 2 Maxports = 8 Port-channels: 1 Max Port-channels = 1 Protocol: - Port: Fa0/1 ------------ Ports in the group: ------------------- Port state = Up Mstr In-Bndl 百思学网络,领先科技 -52- HTTP://WWW.BESTXUE.CN

Channel group = 1 Mode = On/FEC Gcchange = - Port-channel = Po1 GC = - Pseudo port-channel = Po1 Port index = 0 Load = 0x00 Protocol = - Age of the port in the current state: 00d:00h:19m:18s Port: Fa0/2 ------------ Port state = Up Mstr In-Bndl Channel group = 1 Mode = On/FEC Gcchange = - Port-channel = Po1 GC = - Pseudo port-channel = Po1 Port index = 0 Load = 0x00 Protocol = - Age of the port in the current state: 00d:00h:19m:18s Port-channels in the group:

--------------------------- Port-channel: Po1 ------------ Age of the Port-channel = 00d:00h:35m:33s Logical slot/port = 1/0 Number of ports = 2 GC = 0x00000000 HotStandBy port = null Port state = Port-channel Ag-Inuse Protocol = - Ports in the Port-channel: Index Load Port EC state No of bits ------+------+------+------------------+----------- 0 00 Fa0/1 On/FEC 0 0 00 Fa0/2 On/FEC 0

Time since last port bundled: 00d:00h:19m:19s Fa0/2 Time since last port Un-bundled: 00d:00h:23m:27s Fa0/2 sw1#show etherchannel ? <1-64> Channel group number

detail Detail information

load-balance Load-balance/frame-distribution scheme among ports in port-channel

port Port information port-channel Port-channel information protocol protocol enabled summary One-line summary per channel-group | Output modifiers 查看 port-channel 1 的端口状态: Sw1#show interfaces port-channel 1 Port-channel1 is up, line protocol is up (connected) Hardware is EtherChannel, address is 0011.92e4.2782 (bia 0011.92e4.2782) MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 …………………………. Sw2#show interfaces port-channel 1 Port-channel1 is up, line protocol is up (connected) Hardware is EtherChannel, address is 0011.92e4.2782 (bia 0011.92e4.2782) MTU 1500 bytes, BW 200000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set ………………………

百思学网络,领先科技 -53- HTTP://WWW.BESTXUE.CN

实验13. 用 3 台交换机验证 PVST 实验

实验拓扑: 实验要求: 1. 在 SW1,SW2,SW3 上创建 VLAN2 , VLAN3 , VLAN4. 2. 确保核心交换机 SW1 为 VLAN1-4 的根网桥,当 SW1 出现故障时 SW2 成为 VLAN1-4 的 根网桥. 3. 确保交换机 SW3 的 VLAN1,VLAN2 到核心网络(SW1,SW2)的流量走线路 1 4. 确保交换机 SW3 的 VLAN3,VLAN4 到核心网络(SW1,SW2)的流量走线路 2 实验步骤: 一、实现实验要求 1: 1.在 SW1,SW2,SW3 上创建 VLAN2 , VLAN3 , VLAN4. 配置 SW1: 创建 VLAN2-4 SW1(config)#vlan 2-4 查看 VLAN: SW1#show vlan VLAN Name Status Ports ----

-------------------------------- --------- ------------------------------- 1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6 Fa0/7, Fa0/8, Fa0/9, Fa0/10 Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18 Fa0/19, Fa0/20, Fa0/21, Fa0/22 Fa0/23, Fa0/24, Gi0/1, Gi0/2 2 VLAN0002 active 3 VLAN0003 active 4 VLAN0004 active 配置 SW2: 创建 VLAN2-4 SW2(config)#vlan 2-4 查看 VLAN: SW2#show vlan VLAN Name Status Ports ---- -------------------------------- ---------

------------------------------- 1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6 Fa0/7, Fa0/8, Fa0/9, Fa0/10 Fa0/11, Fa0/12, Fa0/13, Fa0/14 Fa0/15, Fa0/16, Fa0/17, Fa0/18

备份根网桥 根网桥 非根网桥

100M